
Architecting Security into Research Projects

Architecting Security into Research Projects. George O. Strawn, NSF CIO. Points to consider: Draft NSF statement on PI responsibilities; Draft NSF Guidelines for IT security; At what cost? Draft Article on Cyber-security for FATC Supplements for Large Facilities and FFRDCs.



  1. Architecting Security into Research Projects
     George O. Strawn, NSF CIO

  2. Points to consider
     • Draft NSF statement on PI responsibilities
     • Draft NSF Guidelines for IT security
     • At what cost?

  3. Draft Article on Cyber-security for FATC Supplements for Large Facilities and FFRDCs
     The awardee is responsible for all information technology (IT) systems security and associated equipment and information, funded directly or indirectly by this award. The awardee shall present to the cognizant NSF Program Officer and Grants and Agreements Officer an IT security plan addressing policies and procedures for review and approval within 60 days of award. The plan should include evaluation criteria that will measure the successful implementation and deployment of the plans, policies and procedures. For further assistance and guidance please review Draft NSF IT Security Guide for Large Facilities found at (…)

  4. Draft Guidelines for IT Security of NSF Large Facilities
     • Table of Contents
     • Preface
     • I. Introduction
     • II. Overview
     • III. Categorization of Systems
     • IV. NSF Minimum Security Requirements
     • V. Best Practices
     • Appendix A – Glossary of Terms

  5. At what cost?
     • Underinvestment is common
     • Unfunded mandate?
     • Need to compare cost of potential outage(s) with cost of IT security program
     • Investment may follow major outage or “management enlightenment”
